Chapter Contents
Previous
Next
|
Chapter Contents |
Previous |
Next |
| Communications Access Methods for SAS/CONNECT and SAS/SHARE Software |
| System and Software Requirements for SAS/CONNECT and SAS/SHARE |
Ensure that the following conditions have been met:
To use the TCP/IP access method with Windows NT, Windows 95 and Windows 98, install and configure:
Ensure that Windows NT 4.0 or a subsequent release has been installed.
To use the TCP/IP access method with Windows 32s, install and configure one of the following emulation packages:
| Setting SAS Options and Variables |
You may need to set specific options or variables to establish the connections that you want with SAS/CONNECT and SAS/SHARE when using the TCP/IP communications access method.
Consult with your network administrator to determine what options must be set and what values to assign to them.
You may specify an option in any of several forms, as follows:
OPTIONS SET=variable-name value;
Example:
options set=tcpsec _secure_;
-SET variable-name value
Example:
-set tcpsec _secure_
%LET variable-name=value;
Example:
%let tcpsec=_secure_;
SET variable-name=value
Example:
set tcpsec=_secure_
Values for these options or variables may contain up to eight characters, consisting of alphanumeric characters, the percent sign (%), the dollar sign ($), the pound sign (#), the at sign (@), and the underscore (_).
If you set multiple forms of the same option, here is the order of precedence that is followed:
| SAS macro variable | |
| OPTIONS statement | |
| AUTOEXEC file | |
| SAS invocation | |
| SAS configuration file | |
| DOS environment variable. |
Note: If you set the same option using different forms, typically the
last option setting will take precedence and override an earlier option setting. ![[cautionend]](../common/images/cautend.gif)
To display the settings of the SAS system options in the SAS log, use the OPTIONS procedure. The following statement produces a list of options with a brief explanation of what each option does:
proc options; run;
| Setting Security for SAS/CONNECT and SAS/SHARE |
For SAS/CONNECT, you must
supply identifying information to sign on
without a script to a remote host running a spawner program. A SAS/SHARE server,
running secured, requires identification from each connecting client. The
next two sections outline the version-specific methods for specifying client
identification for SAS/CONNECT and SAS/SHARE. The third section describes
how to configure your SAS/SHARE server to either require or not require connecting
clients to supply user identification.
Note: In the Windows environment, SAS/SHARE server security is supported
on the Windows NT platform only.
In Version 8, you provide client identification to a SAS/CONNECT remote host or a SAS/SHARE server using the USER= and PASSWORD= options. These options are valid in the following statements:
| SIGNON |
| RSUBMIT |
| LIBNAME |
|
PROC
SQL
Connect to Remote |
PROC OPERATE
|
Specifying client identification in the TCPSEC option is still accepted but is not recommended in Version 8. The USER= and PASSWORD= options take precedence over the client TCPSEC option when both are specified. For example, a SAS/SHARE client's execution of a LIBNAME statement with values assigned to the USER= and PASSWORD= options would override a TCPSEC option setting in the same client SAS session.
Here is the syntax and definitions for these options:
| USER | USERNAME | USERID | UID=username | _PROMPT_ |
| PASSWORD | PASSWD | PASS | PWD | PW=password | _PROMPT_ |
Specifying these options allows a user on the local host whose username and password have been verified to access the remote host.
Note: The values provided
when prompted must NOT be quoted.
Specifying USER=_PROMPT_ and omitting the PASSWORD= specification will cause SAS to prompt you for both userid and password.
This is especially useful for allowing the SAS statements containing the USER= and PASSWORD= options to be copied and otherwise effectively reused by others.
For SAS/SHARE, the values supplied for the USER= and PASSWORD= options are valid for the duration of the remote host connection. Additional accesses of the remote host while the connection to that host is still in effect do not require re-supplying of the USER= and PASSWORD= options. For example, while the first connecting library assign to a SAS/SHARE server may require specification of the options, subsequent assigns to the same server will not need specification of these options as long as the original connection is in effect. A subsequent re-connect to the same server or connect to a different server would require re-supplying of the USER= and PASSWORD= options.
Here is a Version 8 example for SAS/SHARE:
libname test 'prog2 a' user=joeblue password="2muchfun" server=share1;
For SAS/CONNECT, these values are valid until SIGNOFF.
Here is a Version 8 example for SAS/CONNECT:
signon rmthost user=joeblack password=born2run;
As a security precaution, PASSWORD= field entries echoed in the log
are replaced with Xs. If _PROMPT_ was specified for entering the password,
the entry would not be displayed on the screen as it is typed.
In Version 6 and Version 7, you provide client identification to a SAS/CONNECT remote host or a SAS/SHARE server using the TCPSEC option. TCPSEC must be defined on the local host before you connect to the remote host (using the SIGNON statement) or access a SAS/SHARE server (using the LIBNAME statement).
Here is the syntax and description of this option.
| TCPSEC=userid.password | _PROMPT_ |
Note: If you are using the Windows NT native authentication facility,
you may not necessarily need to set TCPSEC at the client. See Setting Security for Connecting Clients for more details about setting
security for connecting clients.
When supplying username and password information to a Version 8 SAS session on Windows NT, you may specify username in the form Windows-NT-domain-name\username. Here is an example of how you might specify this information in the TCPSEC option:
options set=tcpsec "apex\bass.time2go";
Domain name
apex
identifies the location of the username and password database. Username
bass and password
time2go will be verified against those in the
identified domain's username and password database.
Note: The values provided when prompted must NOT
be quoted.
This technique is especially useful when the configuration
file specifying this option is shared among many users.
Examples:
options set=tcpsec _prompt_; options set=tcpsec bass.time2go; options set=tcpsec "apex\bass.time2go";
Note: SAS/SHARE server security
is supported on the Windows NT platform only.
The TCPSEC option also specifies whether the TCP/IP access method performs user authentication before connecting to a SAS/SHARE server. The TCPSEC option must be set on the server before you start the SAS/SHARE server.
Here is the syntax and description of this option.
| TCPSEC=_SECURE_ | _NONE_ |
Examples:
options set=tcpsec _secure_; options set=tcpsec _none_;
| SAS/CONNECT and SAS/SHARE Options |
| TCPSEL=NONE | BLOCK | POLL |
The algorithm used by the TCP/IP access method changed between Release 6.08 and Release 6.10 TS040 of SAS software to make the TCP/IP access method compatible with other access methods that might be used concurrently in a SAS program. For Windows NT, Windows 95, and Windows 32s, however, some SAS programs experienced a less efficient performance. An application's performance depends on which Windows TCP/IP package is used.
The Release 6.08 TCP/IP access method for Windows uses a polling algorithm that consumes CPU cycles even when a SAS program is idle. Although this consumption is acceptable with most single-user PC systems, such as Windows, this polling behavior is an unacceptable drain of resources for multi-user PC systems, such as Windows NT .
The Release 6.10 TCP/IP access method replaced the polling algorithm with one that uses asynchronous data notification with Windows messaging. For some applications and TCP/IP packages, the performance change between Release 6.08 to Release 6.10 is negligible. However, for some applications and TCP/IP packages, the Release 6.10 TCP/IP access method is slower than with Release 6.08.
By setting the option TCPSEL, you can use one of two other algorithms that may improve the performance of your application. You may specify any of the following:
Setting the TCPSEL option to an explicit value of NONE is the same as not setting it at all.
The value (BLOCK, POLL, or NONE) that you choose for TCPSEL depends on your application and which Windows TCP/IP package you are running. You should try your applications with each value to determine which one will give you the best performance.
You must set the option before you sign on to a SAS/CONNECT remote host or before you define a libref to a SAS/SHARE server. You cannot change the value during an active session. You do not need to exit SAS to change the value, but you must be signed off from all SAS/CONNECT sessions, and you must clear all libref statements that are assigned to SAS/SHARE servers.
| SAS/CONNECT Only Options and Variables |
| TCPPORTFIRST |
| TCPPORTLAST |
The TCPPORTFIRST and TCPPORTLAST options restrict the range of TCP/IP ports through which local hosts can remotely connect to remote hosts.
These options must be set at the SAS/CONNECT remote host.
Define the range of TCP/IP ports by assigning a beginning range value to TCPPORTFIRST and an ending range value to TCPPORTLAST, within the range of 0 through 32767.
Consult with your network administrator for advice about these settings.
Use the following syntax for the configuration file:
-TCPPORTFIRST n -TCPPORTLAST nUse the following syntax for the AUTOEXEC file:
OPTIONS TCPPORTFIRST=n; OPTIONS TCPPORTLAST=n;
In the following example, the local host is restricted to TCP/IP ports 4020 through 4050 when making a remote host connection:
options tcpportfirst=4020; options tcpportlast=4050;
To restrict the range of ports to only one port, you may set the TCPPORTFIRST and TCPPORTLAST options to the same number.
Note: At the remote host, you may set TCPPORTFIRST and TCPPORTLAST at
a SAS invocation or in the configuration file.
| TCPTN3270 |
TCPTN3270 is an environment variable that is set on the local host to support a connection to an OS/390 or a CMS host that uses full-screen 3270 TELNET protocol. The following script files are provided:
| CMS | TCPCMS32.SCR |
| OS/390 | TCPTSO32.SCR |
See Identifying a Script File for Signing On and Signing Off for information about these script files.
Set TCPTN3270 to the value of 1 at the Windows local host in the SAS configuration file or in an OPTIONS statement.
Examples:
-set tcptn3270 1 options set=tcptn3270 1;
The TCP/IP sample scripts TCPTSO32.SCR and TCPCMS32.SCR allow you to sign on and sign off in these environments.
| TCPMSGLEN n |
defines the size of the buffer in bytes that the TCP/IP access method uses for breaking up a message that it sends to or receives from the SAS/CONNECT application layer during a SAS/CONNECT session. The application layer uses a message size that is stored in the TBUFSIZE option (default 32K) that you may specify as an option in the SIGNON statement or as a SAS option. See SAS/SHARE User's Guide for information about the TBUFSIZE option.
If TBUFSIZE is larger than TCPMSGLEN, the TCP/IP access method breaks the message into a buffer whose size is defined by TCPMSGLEN and issues the number of send and receive messages that are necessary to complete the message transaction.
The platform-specific default size of TCPMSGLEN must be set at both the local and remote hosts. Default values by platform are shown in the following table.
| Platform | TCPMSGLEN Default Value |
|---|---|
| OS/390 | 8K |
| Windows | 16K |
| UNIX | 32K |
| OpenVMS | 32K |
If the values that are set for TCPMSGLEN at the local host and at the remote host are different, the smaller value of the two is used during the SAS/CONNECT session.
Use the following syntax to set these variables at SAS invocation or in the configuration file at the local and the remote hosts:
-set tcpmsglen 16384 -set tcptn3270 1
| SAS/SHARE Only Options |
| AUTHENCR=OPTIONAL | REQUIRED |
By default, a secure server accepts userids and passwords from clients in either encrypted or plain text form. The option to accept either form ensures compatibility with client sessions that are running older releases of SAS/SHARE .
To require only encrypted userids and passwords, you must set the AUTHENCR option as an environment variable or a SAS macro variable. Requiring encryption ensures that all clients have been upgraded to Release 6.11 or the 6.09 Enhanced Release of SAS software.
Setting this option in a server session controls encryption for clients connecting to a secured server.
See Setting SAS Options and Variables for examples of the forms that you can use to specify the AUTHENCR option.
Note: You must use either the environment variable or the SAS macro variable form to set AUTHENCR.
| AUTHSERVER NT-domain-or-NT-server-name |
Note: You may specify the AUTHSERVER option in an OPTIONS statement
in a SAS session or in an AUTOEXEC file, in a SAS configuration file, at SAS
invocation, or as a SAS macro variable.
For Version 8, you are not limited to specifying a single NT domain by means of the -AUTHSERVER option. Instead, you may bypass this option and specify the domain name in the form domain\username when you supply your username to the Windows NT environment. Here is an example of how you might specify this information in the SIGNON statement:
signon user=apex\bass password=time2go;
Domain name
apex
identifies the location of the username and password database. Username
bass and password
time2go will be verified against those in the
identified domain's username and password database.
|
Chapter Contents |
Previous |
Next |
 Top of Page |
Copyright 1999 by SAS Institute Inc., Cary, NC, USA. All rights reserved.